Field
Aspects of the present invention generally relate to an information processing server system which starts use of a web service in accordance with agreement to terms of the web service, a control method, and a program.
Description of the Related Art
In recent years, business in which services are provided for customers using servers provided on the Internet, such as cloud services, has been widely provided. In such business, different services are provided, and a customer selects a desired one of the services and makes a contract of only the required service.
Furthermore, when such a service is provided for a certain customer company, a service provider newly generates a tenant to be assigned to the customer company. Furthermore, an initial user who manages the newly-generated tenant on the customer company side is generated and is registered in the tenant. An administrator of the customer company logs into the service as the generated initial user and adds the user to the assigned tenant, and in addition, performs required settings so that the customer company may start use of the service.
The user who actually uses the service is requested to agree to terms of service defined by the service provider and use of personal information when logging in the service for the first time. Only after agreeing to the terms of service and the use of personal information, the user may log in and use the service in some cases. As for the terms of service, the user may be requested to agree to different terms of service for different services or may be requested to agree to the same terms of service which are shared by different services so as to use all the services.
In general, access to a server protected by an authentication function is performed using a cookie after storing an authentication session representing that authentication is successfully performed as a result of login to the service in a web browser of a client as the cookie. When web pages provided by the server are to be accessed, the client transmits a cookie to the server. Then the server determines that the accesses to the web pages are performed by the same user and provides the services to the user. As disclosed in Japanese Patent No. 4056390, when a cookie of an authentication session is supplied to a web browser of a client, the web browser is allowed to access a web page protected by an authentication function.
When agreement to terms of service and use of personal information is requested to each user, the user performs login using a login screen of a server. The server obtains information on a service usable by the user and information on terms of service in which the user has agreed and provides a screen for making agreement to terms of service which are determined that the user has not agreed. When a result of an agreement by the user is supplied to the server through the agreement screen, the server requires a cookie of an authentication session so as to specify the user who has agreed the terms of service.
However, if the cookie of the authentication session is supplied to a web browser, it is possible that a web service becomes available without the agreement of the terms of service. Specifically, when the user directly specifies a URL of the service using the web browser while the agreement screen is displayed, the user may access and use the web service without the agreement to the terms of service.